Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient High
CVE-2026-49853 was published for tornado (pip) Jun 15, 2026
noobone123 Credited to noobone123, SnailSploit, 0xHunSec, and sondt99 SnailSploit SnailSploit
0xHunSec 0xHunSec sondt99 sondt99
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
PraisonAI: Arbitrary File Read via `@file:` Mention Path Traversal High
GHSA-2rcg-mm5h-xchx was published for praisonaiagents (pip) Jun 18, 2026
sondt99 Credited to sondt99
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters High
GHSA-c969-5x3p-vq3v was published for praisonaiagents (pip) Jun 18, 2026
sondt99 Credited to sondt99
kulesy Credited to kulesy, sondt99, and dungNHVhust sondt99 sondt99
dungNHVhust dungNHVhust
Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning High
GHSA-2fmp-9rvw-hc96 was published for network-ai (npm) Jun 19, 2026
sondt99 Credited to sondt99
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
Nezha's authenticated agents can forge service-monitor results for other users' services High
CVE-2026-48119 was published for github.com/nezhahq/nezha (Go) Jun 1, 2026
sondt99 Credited to sondt99
Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents High
CVE-2026-49396 was published for github.com/nezhahq/nezha (Go) Jun 10, 2026
sondt99 Credited to sondt99
Centrifugo's dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass High
CVE-2026-49998 was published for github.com/centrifugal/centrifugo (Go) Jul 1, 2026
sondt99 Credited to sondt99
ProTip! Advisories are also available from the GraphQL API